Compare commits
6 Commits
Author | SHA1 | Date |
---|---|---|
|
1d259445b1 | |
|
8d4e35d201 | |
|
dfe8fee054 | |
|
a14d263c00 | |
|
5503a047df | |
|
145212be4d |
21
Makefile
21
Makefile
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: openssh
|
||||
# $Id: Makefile,v 1.1 2004/09/09 09:34:58 cvsdist Exp $
|
||||
NAME := openssh
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
|
@ -1,28 +0,0 @@
|
|||
--- openssh-5.2p1/session.c 2009-03-20 18:08:11.263662384 +0100
|
||||
+++ openssh-5.2p1/session.c 2009-03-20 18:26:29.925498409 +0100
|
||||
@@ -1408,6 +1408,7 @@
|
||||
const char *cp;
|
||||
char component[MAXPATHLEN];
|
||||
struct stat st;
|
||||
+ int last;
|
||||
|
||||
if (*path != '/')
|
||||
fatal("chroot path does not begin at root");
|
||||
@@ -1419,7 +1420,7 @@
|
||||
* root-owned directory with strict permissions.
|
||||
*/
|
||||
for (cp = path; cp != NULL;) {
|
||||
- if ((cp = strchr(cp, '/')) == NULL)
|
||||
+ if (((last = ((cp = strchr(cp, '/')) == NULL))))
|
||||
strlcpy(component, path, sizeof(component));
|
||||
else {
|
||||
cp++;
|
||||
@@ -1432,7 +1433,7 @@
|
||||
if (stat(component, &st) != 0)
|
||||
fatal("%s: stat(\"%s\"): %s", __func__,
|
||||
component, strerror(errno));
|
||||
- if (st.st_uid != 0 || (st.st_mode & 022) != 0)
|
||||
+ if ((st.st_uid != 0 || (st.st_mode & 022) != 0) && !(last && st.st_uid == uid))
|
||||
fatal("bad ownership or modes for chroot "
|
||||
"directory %s\"%s\"",
|
||||
cp == NULL ? "" : "component ", component);
|
|
@ -0,0 +1,12 @@
|
|||
diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id
|
||||
--- openssh-5.2p1/contrib/ssh-copy-id.selabel 2009-06-29 23:43:03.514390092 +0200
|
||||
+++ openssh-5.2p1/contrib/ssh-copy-id 2009-06-29 23:44:11.188382120 +0200
|
||||
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
|
||||
exit 1
|
||||
fi
|
||||
|
||||
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
|
||||
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
|
||||
|
||||
cat <<EOF
|
||||
Now try logging into the machine, with "ssh '$1'", and check in:
|
15
openssh.spec
15
openssh.spec
|
@ -63,7 +63,7 @@
|
|||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
Version: 5.2p1
|
||||
Release: 3%{?dist}%{?rescue_rel}
|
||||
Release: 6%{?dist}%{?rescue_rel}
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||
|
@ -97,7 +97,7 @@ Patch54: openssh-5.1p1-gssapi-role.patch
|
|||
Patch55: openssh-5.1p1-cloexec.patch
|
||||
Patch62: openssh-5.1p1-scp-manpage.patch
|
||||
Patch65: openssh-5.2p1-fips.patch
|
||||
Patch66: openssh-5.2p1-homechroot.patch
|
||||
Patch67: openssh-5.2p1-selabel.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
|
@ -229,7 +229,7 @@ an X11 passphrase dialog for OpenSSH.
|
|||
%patch55 -p1 -b .cloexec
|
||||
%patch62 -p1 -b .manpage
|
||||
%patch65 -p1 -b .fips
|
||||
%patch66 -p1 -b .homechroot
|
||||
%patch67 -p1 -b .selabel
|
||||
|
||||
autoreconf
|
||||
|
||||
|
@ -474,6 +474,15 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Sep 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-6
|
||||
- remove homechroot patch
|
||||
|
||||
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-5
|
||||
- create '~/.ssh/known_hosts' within proper context
|
||||
|
||||
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-4
|
||||
- repair broken ls in chroot %%h
|
||||
|
||||
* Fri Apr 3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
|
||||
- fix logging after chroot
|
||||
- enable non root users to use chroot %%h in internal-sftp
|
||||
|
|
Loading…
Reference in New Issue